WASHINGTON D.C. – The information security industry deserves credit for recent high-profile wins against major security flaws and malicious attackers, according to one expert, but there's no question that when it comes to cyberwarfare, targeted attacks and digital terrorism, the worst is yet to come.



He praised last year's collaboration among the FBI, the government of The Netherlands and Russian antimalware vendor Kaspersky Lab to identify and apprehend the creators of the Shadow botnet, believed to have surreptitiously seized control of up to 150,000 computers worldwide.

Thomas also noted the successful partial disclosure of the DNS cache poisoning flaw discovered last year by IOActive Inc. researcher Dan Kaminsky. In March 2008, Kaminsky helped organize a secret vendor summit that led to a coordinated patch release before attackers could exploit the flaw.

More partial disclosure?

Amid the success of Dan Kaminsky's effort with his DNS cache-poisoning flaw discovery, is partial disclosure the compromise that could finally resolve the information security industry's full disclosure debate once and for all?

Thomas said if it's done right -- revealing need-to-know information only to a select group of trusted parties, typically large vendors -- partial disclosure of a serious flaw can be more beneficial than full disclosure or non-disclosure.

However, he added that both partial and full disclosures are risky because both strategies demand the release of information that attackers could use to formulate an exploit. Even with only the most basic flaw description, clever attackers may still find a way to reverse-engineer it for malicious purposes.

"It's an extremely useful publicity vehicle, but it's also very dangerous," Thomas said of partial disclosure. "So if someone were to ask us, we'd advise against it."

~ Eric Parizo

Despite those successes, Thomas said there are many other threats that pose an immediate risk to enterprises. One that emerged prominently last year was international cyberwarfare, namely nations such as Russia and China mounting digital offensives against nations and other entities.

Though some believe the threat of cyberwarfare is overblown, Thomas said it is "absolutely a reality," noting documented, government-sanctioned attacks mounted by Russia against its neighbors, including Estonia and Georgia, which are usually in support of military operations. "If you ever get into a conflict with the Russian military, you have to expect a cyberattack."

Thomas said other nations and nation-states have sought more involvement in cyberattacks. He said China's offensive capabilities will equal those of Russia by the end of 2009, South American nations are quickly becoming more sophisticated in their efforts, and that Muslim extremist leaders have issued fatwas legitimizing the use of Internet attacks and fraud to raise funds.

Thomas said cyberterrorism could be one of the top information security dangers likely to worsen in the next five to 10 years. He said it's likely that a terror group will launch a cyberattack against a socioeconomic or political target coinciding with a physical attack.

While the cyberterrorism event itself may or may not be effective, Thomas said a strong government response seeking to prevent future incidents will undoubtedly be a disruptive event for the information security industry in the form of new laws and/or information security guidelines.

"Bullet-proof" attacks

Organized cybercrime has also become a major source of concern. Thomas said tightly managed underground businesses have developed solely to profit from malicious activities like botnets, spamming, spear-phishing, and the planting of Trojans and rootkits.

Even when they originated in third world countries, such attacks were most often spawned from a single contiguous IP address range, making them easy to stop. Today, Thomas said, not only do large-scale attacks originate from hard-to-block dispersed IP address ranges intermixed with those used by the general public, but they are also supported by "bullet-proof" ISPs, which receive kickbacks from attackers in exchange for ignoring their malicious activities.

Thomas added that some cybercrime organizations have taken their enterprises to the next level by opening multilingual call centers in countries like Romania so that, for instance, if a potential victim dials a phone number listed in a spear phishing email, he or she will be answered by a seemingly legitimate call center worker.

"These are highly specialized cyber-cartels that will protect their revenue streams by any means," Thomas said.

In addition, Thomas noted Internet Protocol version 6 (IPv6) as a long-term threat. Though U.S. adoption of IPv6 is still a long way off, Thomas said foreign attackers in Europe and Asia, where IPv6 is already being implemented, are learning how to take advantage of it. That means when U.S. organizations make the switch, their security operations teams will likely face an immediate disadvantage in defending their networks against more experienced attackers.

Attendee Pete Storm, a security manager at a non-profit education company, said that with so many current and emerging threats, the seemingly mundane task of surfing the Web has become fraught with danger.

Storm said that, for example, if his users have to visit foreign websites as part of their jobs, even legitimate sites could be infected with difficult-to-detect malware. Despite being an information security pro, he lamented the labor-intensive challenge protecting his own systems has become.
